I'm Coming Back as I\'m - why?

When I send text in a textbox to the server and retrieve into a PHP
var, I'm comes back as I\'m - what is causing this slash and how can I
get rid of it?

Thanks...

Jul 17 '05 #1
Carved in mystic runes upon the very living rock, the last words of Ralph
Freshour of comp.lang.php make plain:
> When I send text in a textbox to the server and retrieve into a PHP
> var, I'm comes back as I\'m - what is causing this slash and how can I
> get rid of it?


You have magic_quotes_gpc turned on in your PHP config. Turn it off.

--
Alan Little
Phorm PHP Form Processor
http://www.phorm.com/
Jul 17 '05 #2
I noticed that Message-ID: <Xn**************************@216.196.97.132>
from Alan Little contained the following:
>> When I send text in a textbox to the server and retrieve into a PHP
>> var, I'm comes back as I\'m - what is causing this slash and how can I
>> get rid of it?

> You have magic_quotes_gpc turned on in your PHP config. Turn it off.


Actually, don't.

Use stripslashes($textbox_var)

--
Geoff Berrow
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #3
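The two suggestions above (turn magic_quotes_gpc off vs. call stripslashes()) can be reconciled in code: strip the added backslashes only when PHP reports that it added them. Calling stripslashes() unconditionally is itself a bug, because with the setting off it would also remove backslashes the user genuinely typed. The following is an added example, not code from the thread; the form field names and the sample value are constructed for illustration.

```php
<?php
// Added example: undo magic_quotes_gpc only when it is actually enabled,
// so the same script behaves correctly whether the setting is on or off.

function unmagic($value)
{
    // Checkbox groups and similar fields arrive as arrays; recurse into them.
    if (is_array($value)) {
        return array_map('unmagic', $value);
    }
    return stripslashes($value);
}

// get_magic_quotes_gpc() reports whether PHP added the backslashes.
// (The directive was removed in PHP 5.4; the function was deprecated in
// PHP 7.4 and removed in 8.0, hence the function_exists() guard.)
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET    = array_map('unmagic', $_GET);
    $_POST   = array_map('unmagic', $_POST);
    $_COOKIE = array_map('unmagic', $_COOKIE);
}

// Constructed sample: the value magic_quotes_gpc would have produced for "I'm"
// typed into a textbox named "comment".
$_POST['comment'] = "I\\'m";
$comment = (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    ? $_POST['comment']            // already cleaned by the block above
    : unmagic($_POST['comment']);  // simulate the cleanup for the sample
var_dump($comment);
```

After this block runs, `$_POST['comment']` holds the text exactly as the user typed it, and any escaping is then done per output context (shell, HTML, SQL) at the point where the value is used, rather than once at input time.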
Geoff Berrow wrote:
> I noticed that Message-ID: <Xn**************************@216.196.97.132>
> from Alan Little contained the following:
>>> When I send text in a textbox to the server and retrieve into a PHP
>>> var, I'm comes back as I\'m - what is causing this slash and how can I
>>> get rid of it?

>> You have magic_quotes_gpc turned on in your PHP config. Turn it off.

> Actually, don't.
>
> Use stripslashes($textbox_var)


Why? Surely it's better to not convert the input data in the first place
unless required? I've never understood the reasoning behind it defaulting
to on.

--
Jim Dabell

Jul 17 '05 #4
I noticed that Message-ID: <Ms********************@giganews.com> from
Jim Dabell contained the following:
>>> You have magic_quotes_gpc turned on in your PHP config. Turn it off.

>> Actually, don't.
>>
>> Use stripslashes($textbox_var)

> Why? Surely it's better to not convert the input data in the first place
> unless required? I've never understood the reasoning behind it defaulting
> to on.


The chap is probably a newbie. Best to play safe.

--
Geoff Berrow
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #5
Geoff Berrow <bl******@ckdog.co.uk> wrote:
>>>> You have magic_quotes_gpc turned on in your PHP config. Turn it off.
>>> Actually, don't.

>> Why?

> The chap is probably a newbie. Best to play safe.


Please explain why you think magic_quotes_gpc would increase safety?

--

Daniel Tryba

Jul 17 '05 #6
Daniel Tryba wrote:
> Geoff Berrow <bl******@ckdog.co.uk> wrote:
>>>>> You have magic_quotes_gpc turned on in your PHP config. Turn it off.
>>>> Actually, don't.
>>> Why?
>> The chap is probably a newbie. Best to play safe.
>
> Please explain why you think magic_quotes_gpc would increase safety?


Unescaped special characters in a string can be used to send arbitrary
code to the server. This is dangerous in many ways; if exploited
correctly it can most definitely represent a security breach.

for example if I know the string is used to run a command line process
with say something like :

exec("ls $dir", $dirlist, $error );

I can pass it a string that will do anything I want. You may think it is
limited to a "ls" command, but just see what happens if I send it a
string like this " joe; touch myfile; cat ~/.bash_history; rm
~/.bash_history"

See, suddenly I have all sorts of control I shouldn't. Similar things
can be done with fields going to a database, by sending it a "';" to
end one SQL command and start sending others...

--
/---+----+----+----+----+----+----++----+----+----+----+----+----+---\
I ph***********@libertydice.org II No nation was ever ruined by I
I http://www.libertydice.org II trade, even seemingly the most I
I remove "3d6" to e-mail II disadvantageous. - Ben Franklin I
\---+----+----+----+----+----+----++----+----+----+----+----+----+---/

Jul 17 '05 #7
Pham Nuwen <ph***********@libertydice.org> wrote:
>>> The chap is probably a newbie. Best to play safe.
>> Please explain why you think magic_quotes_gpc would increase safety?

> Unescaped special characters in a string can be used to send arbitrary
> code to the server. This is dangerous in many ways; if exploited
> correctly it can most definitely represent a security breach.

> [ls example] See, suddenly I have all sorts of control I shouldn't. Similar things
> can be done with fields going to a database, by sending it a "';" to
> end one SQL command and start sending others...


You prove the point of disabling magic_quotes_gpc exactly. The ls example
shows that all kinds of characters have to be escaped (like (but probably
not limited to) ';', '*', '/', '?').

Another example is the use of textareas (like the OP(?)): you have to
HTML-escape the user's input (including quotes) when displaying it again
in a browser.

IMHO magic_quotes_gpc lulls the user into thinking the data is safe. The
escaping of characters is very important, and what to escape is
different for all kinds of use, but no magic_*_escape_thingy exists for
most.

--

Daniel Tryba

Jul 17 '05 #8
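The exec() example in #7 and the point in #8 that "what to escape is different for all kinds of use" come down to the same rule: escape at the sink, with the routine that matches that sink, rather than once at input time. The following is an added example, not code from the thread; the `$input` value is constructed (it reuses the shape of the string from #7), and the PDO connection, table and column names are assumptions.

```php
<?php
// Added example: one piece of user input, three different sinks, three
// different escaping mechanisms. magic_quotes_gpc serves none of them
// correctly: it adds backslashes, which is only ever right for one SQL
// dialect and is wrong for the shell and for HTML.

// Constructed sample, as a user might type it into a textbox.
$input = "I'm joe; touch myfile";

// 1. Shell argument. escapeshellarg() wraps the whole value in single
//    quotes and neutralises embedded single quotes, so the shell sees one
//    literal argument and never interprets ';' or other metacharacters.
//    (Compare the unsafe form from #7: exec("ls $dir", ...).)
function list_dir($userPath)
{
    $cmd = 'ls ' . escapeshellarg($userPath);
    exec($cmd, $listing, $status);
    return array('command' => $cmd, 'listing' => $listing, 'status' => $status);
}

// 2. HTML output (the textarea case from #8). htmlspecialchars() turns
//    <, >, &, " and ' into entities so the text cannot become markup.
function render_comment($text)
{
    return '<p>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</p>';
}

// 3. SQL. Do not escape at all: bind the value with a prepared statement,
//    so the database driver keeps data and query text separate.
//    Assumes an open PDO connection $pdo and a table "comments" with a
//    column "body" (both hypothetical).
function save_comment(PDO $pdo, $text)
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute(array(':body' => $text));
    return $stmt->rowCount();
}

// Demonstrate the two sinks that need no database.
$result = list_dir($input);
echo $result['command'], "\n";   // the quoted command line that ls actually received
echo render_comment($input), "\n";
```

The point to take from the three functions is that none of them could have been written as a single input-time transformation: the shell needs quoting, HTML needs entity encoding, and SQL needs parameter binding, which is exactly why a blanket addslashes() at request time (which is all magic_quotes_gpc is) gives a false sense of safety.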
Carved in mystic runes upon the very living rock, the last words of Pham
Nuwen of comp.lang.php make plain:
> Daniel Tryba wrote:
>
> See, suddenly I have all sorts of control I shouldn't. Similar
> things can be done with fields going to a database, by sending it a
> "';" to end one SQL command and start sending others...


I've tried that with MySQL (on my own databases, of course!) and it doesn't
work. I'm only able to send one query at a time.

--
Alan Little
Phorm PHP Form Processor
http://www.phorm.com/
Jul 17 '05 #9
